BSD Commit Log Search

   s/macdep/machdep/ in comments.

   new xz.

   bump liblzma.

   merge changes between 5.2.4 and 5.8.3

   s/peudo/pseudo/ in comment.

   doc: Updated misc/window to 20260407

   doc: Updated security/py-cryptography_vectors to 46.0.7

   py-cryptography_vectors: update to 46.0.7.

   To match py-cryptography

   doc: Updated security/py-cryptography to 46.0.7

   py-cryptography: update to 46.0.7.

   46.0.7 - 2026-01-27
   ~~~~~~~~~~~~~~~~~~~

   * **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be
     passed to APIs that accept Python buffers, which could lead to buffer
     overflow. **CVE-2026-39892**
   * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.

   Import xz-5.8.3 (previous was 5.2.4)

   5.8.3 (2026-03-31)

       * liblzma:

           - Fix a buffer overflow in lzma_index_append(): If
             lzma_index_decoder() was used to decode an Index that
             contained no Records, the resulting lzma_index was left in
             a state where where a subsequent lzma_index_append() would
             allocate too little memory, and a buffer overflow would occur.

             The lzma_index functions are rarely used by applications
             directly. In the few applications that do use these functions,
             the combination of function calls required to trigger this bug
             are unlikely to exist, because there typically is no reason to
             append Records to a decoded lzma_index. Thus, it's likely that
             this bug cannot be triggered in any real-world application.


    [37 lines not shown]

   window: reset PKGREVISION after update

   Check inet_ntop(3) return value.

   doc: Updated pkgtools/mktool to 1.5.7

   mktool: Update to 1.5.7.

   ## Version 1.5.7 (2026-04-08)

   * check-shlibs: Fix issue causing macOS libraries to erroneously pass.

   Further refinements to escape sequence handling.
   Specifically, provide for esc([)* sequences we don't know about.

   Fix repository file name and bump revision.

Add a package for rust-beta

This package is for NetBSD amd64, a.k.a. x86_64 only!
Everything related to other OSs and/or target platforms has been stripped off.

The beta channel has several iterations along the path to next stable release.
Regenerating checksums may be needed to build the correct rust-beta iteration.

rust: remove old and pkgsrc current version

   new OpenSSH

   bump libssh

   Merge changes between OpenSSH-10.2 and 10.3

   Import OpenSSH-10.3 (previous was 10.2)

   OpenSSH 10.3 was released on 2026-04-02. It is available from the
   mirrors listed at https://www.openssh.com/.
   OpenSSH is a 100% complete SSH protocol 2.0 implementation and
   includes sftp client and server support.

   Once again, we would like to thank the OpenSSH community for their
   continued support of the project, especially those who contributed
   code or patches, reported bugs, tested snapshots or donated to the
   project. More information on donations may be found at:
   https://www.openssh.com/donations.html

   Potentially-incompatible changes
   --------------------------------

    * ssh(1), sshd(8): remove bug compatibility for implementations
      that don't support rekeying. If such an implementation tries to
      interoperate with OpenSSH, it will now eventually fail when the

    [288 lines not shown]

   New OpenSSL

   Merge changes between OpenSSL 3.5.5 and 3.5.6

   Import OpenSSL-3.5.6 (previous was 3.5.5)

   ### Changes between 3.5.5 and 3.5.6 [7 Apr 2026]

    * Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.

      Severity: Moderate

      Issue summary: Applications using RSASVE key encapsulation to establish
      a secret encryption key can send contents of an uninitialized memory buffer
      to a malicious peer.

      Impact summary: The uninitialized buffer might contain sensitive data
      from the previous execution of the application process which leads
      to sensitive data leakage to an attacker.

      Reported by: Simo Sorce (Red Hat).

      ([CVE-2026-31790])

    [126 lines not shown]

   Properly capitalize Ethernet.

   vnstati: Bump PKGREVISION and improve build

   Don't need gmake any longer.
   Its own Makefile now installs correctly, so don't roll our own.
   Remove incorrect path to check for a config file.
   Add blank line at top of DESCR fragment to improve final output.

   vnstat: bump PKGREVISION and improve build

   Don't need gmake any longer.
   Its own Makefile now installs correctly, so don't roll our own.
   Move example configuration file to subdir.
   Move vnstatd daemon to sbin, from bin.
   Remove incorrect path to check for a config file.

   lang/ruby/rubyversion.mk: nuke ruby32 (in comment)

   doc: Updated graphics/ruby-cairo to 1.18.5